Posts

Christopher Wray and the Myth Created by Parallel Construction

At the Friday Heritage Foundation Section 702 event, FBI Director Christopher Wray argued that reforming Section 702 (he suggested, illogically, making any reforms) would rebuild the wall taken down after 9/11. (Here’s the transcript, which unfortunately doesn’t include the Q&A period.)

I think back to the time that I was in government before on 9/11, right before 9/11, right after 9/11. I think about how hard dedicated men and women throughout the intelligence community worked to try to tear down the walls that had prevented us from connecting all the information that might have been able to prevent those attacks. As I said at the beginning, listening to this debate right now, watching some of the potential ideas that are being floated strikes me as eerily similar to people, well-intentioned, starting to put bricks into a wall.

There are problems with that argument (which have as much to do with our national myopia about the risks we face and how we’ve combatted them as anything else). But I’m grateful Wray made an effort to avoid the ad hominem attacks some of Section 702’s other boosters have resorted to.

Still, Wray’s response to concerns about using Section 702 in criminal prosecutions got dangerously close to that. In response to a question from David Shedd, Wray said that concerns about the topic derive from a myth. Those of us with such concerns, Wray said, are just “confused.”

There’s been a little bit of myth development in that space. When we talk about the criminal side, I think it’s important to distinguish between the tip and lead kind of scenario that I’m describing, which is where Section 702 is so important, and the prosecution end of it, where the information of any sort is being used. Section 702 has not been used for any traditional criminal case as evidence in a trial or anything like that ever, except in about 10 terrorism prosecutions. So the notion that there are criminal agents using Section 702 to make garden variety criminal cases, that’s just myth. It is not happening.

I’m reluctant to try to guess as to how people who are confused get confused. My goal is to get them straight.

To claim this is a myth, of course, Wray has to rely on a bogus number of defendants who have gotten their legally required 702 notice — ten counterterrorism cases — thereby pretending that 702 hasn’t had a key role in far, far more criminal cases, and not just in counterterrorism cases, but also counterespionage (including nation-state hacking) and counterproliferation cases.  (Interestingly, defendants are only known to have gotten notice in eight cases, meaning Wray may have revealed two more where defendants got non-public notice.) Plus, as I’ve noted, FBI submitted notice about attorney-client violations to FISC in nine cases in the time since DOJ largely stopped giving defendants notice.

The numbers just don’t add up.

Which means, in significant part, what Wray calls a myth is, in reality, parallel construction, a myth of a different sort, the myth that law enforcement tells defendants about where their cases came from or why certain approaches were used with the case, the myth created by DOJ’s secret interpretations about how they deal with legally mandated FISA notice. The myth that decides Keith Gartenlaub is a counterintelligence threat because of the conversations he conducts on Skype, a PRISM provider, with his in-laws, only to scrub all mention of those Skype conversations (and, DOJ presumably maintains in its secret policies on the issue, the legal obligation to give notice) once you go to trial.

Wray goes on to blithely describe how content collected without a warrant comes to define the tips FBI Agents get, even before any evidence has been collected.

There’s the information over here, that the Agent is seeing in real time in the US. That’s the tip or the lead. And then there’s the information in the database. And it’s the connection that’s important. Let me talk about what’s in the database, first, and what isn’t. What’s in the database — that 4.3% [of the NSA’s targets] — that’s not evidence of garden variety criminal conduct. The only stuff that’s in that is information about foreigners, reasonably believed to be overseas, for foreign intelligence purposes. So that’s foreign intelligence information in there. That’s not evidence of … I don’t know, pick an example, you know, child porn, or something else. It could be very serious, but that’s not what’s in there. So the Agent over here, if he’s in national security investigator is connecting national sec–something that he thinks is national security information with foreign intelligence information. The criminal agent, who is not doing anything related to national security, he’s not looking to try to find some national security hook for his case. He’s just trying to make sure — let’s say he’s got a cigarette smuggling case — one of the things we know is that terrorist groups have used things like cigarette smuggling to finance their activities. There are cases that Department of Justice has brought over the years on that very thing. Cigarette smuggling is a crime. Well, it could be handled one way but if it turns out that cigarette smuggling that’s designed to support Hezballah, that’s different. It needs to be viewed differently. But we won’t know if we just build a wall between the Agent and the information that’s sitting right over here in the FBI database. [my emphasis]

Wray makes another error here, in claiming that “That’s not evidence of … I don’t know, pick an example, you know, child porn,” in the information FBI deems foreign intelligence information. Either that, or the government should very quickly inform the Ninth Circuit of that fact, because Keith Gartenlaub is as we speak challenging the use of a physical search FISA order to turn nine-year old child porn lying unaccessed on his hard drives into foreign intelligence information and thereafter into a criminal prosecution.

But it’s not just Gartenlaub and a traditional FISA search. Given that 702 PRISM collection obtains not only emails, but also attachments and data stored in the cloud, it will obtain a lot more than communications, including photos. Those photos may be garden variety sexy photos shared between adults (indeed, photos of that kind were also introduced in Gartenlaub’s case). But they also may be abusive photos of children. The Intelligence Community will use both kinds — as well as all the other kinds of non-email information obtained by targeting email accounts — for its foreign intelligence purposes.

It’s fairly unfortunate that, three years after FBI asked for and obtained a change in its Section 702 minimization procedures so as to be able to easily deal with child porn discovered using it, the FBI Director claimed publicly that Section 702  data doesn’t include child porn.

Of course it does.

Whether we should want the FBI to immediately prosecute child porn discovered in the name of foreign intelligence information or, first (as happened with Gartenlaub) use it to try to flip someone to become an informant, is a policy discussion we’re not having.

But the reason we’re not having that discussion is because of the other myth being told, the myths about prosecutions that have used parallel construction to hide the whys and wherefores of the case, in large part to sustain the myth Wray is telling here, that those tips and that warrantless collection have nothing to do with each other.

I appreciate Wray’s efforts to avoid dodging the key issues by attacking those of us who recognize the 702 needs reform. But what is really going on is that the myths the government tells about how intelligence is used serves to make a real policy discussion difficult (for people like me, who know the criminal cases) and impossible (for staffers and members of Congress, who don’t). Wray and others in the intelligence community have grown so accustomed to these myths (see this Bob Litt exchange for an example), that they don’t even seem to see the implications of parallel construction for our claims to due process anymore. If we’re confused about the use of 702 information in criminal proceedings, the government is confused about how metasticizing parallel construction rots the guarantees in our Constitution.

I imagine FBI would like to defer this discussion once again; pretending reformers are the ones inventing myths is a good way to do that. But it’s important, this time around, that we call the government on the myths they tell, even while they claim we’re the ones who’re confused.

Update: When I asked FBI about the discrepancy in numbers (8 versus 10), a spox emphasized that Wray said “about” 10 cases have used 702 evidence.

Long-Serving Intelligence Executive: Sure, Government Has Been Thoroughly Pawned But What about Ordinary Citizens?

Three months after Obama rolled out a cybersecurity initiative backed by a piece in the WSJ, former Deputy Director of Defense Intelligence David Shedd has decided to critique it (the 3 month delay might have something to do with the fact that, in the interim, Shedd was getting beat up by DOD Inspector General over having created his own private limousine service).

In his op-ed, Shedd questions Obama’s embrace of a public-private partnership. He makes a good point that such government initiatives rely on voluntary participation. He insinuates that Obama ignores the contributions of Apple because of the fight over encryption.

How odd that the president didn’t even mention Apple among the other leading technology firms when it comes to cybersecurity. Apple, America’s (and the world’s) largest and most valuable technology firm, has led the industry in securing its products, a claim the others listed can’t stand by. But of course the president can’t mention Apple as a shining example of American cybersecurity, because his administration is entrenched in a political battle with the company over encryption.

It’s a fair dig. Except that’s the kind of anachronism I wouldn’t expect from a lifetime spook. It is true that Jim Comey was on the war path with Apple since the company made iPhone encryption standard in fall 2014. But things didn’t start ratcheting up until February 16, when DOJ got an All Writs Act to make Apple rewrite their operating system, after Obama wrote the op-ed that didn’t mention Apple.

Shedd then mocks Obama’s efforts to introduce more flexibility in hiring cybersecurity people. Here’s what Obama said:

We’ll do more—including offering scholarships and forgiving student loans—to recruit the best talent from Silicon Valley and across the private sector. We’ll even let them wear jeans to the office. I want this generation of innovators to know that if they really want to have an impact, they can help change how their government interacts with and serves the American people in the 21st century.

Here’s what Shedd (he of the personal limousine service) said:

While this proposal rightly addresses the need to recruit great talent, does the administration really think the ability to wear jeans is going to sway the best and brightest away from the pay in Silicon Valley?

Perhaps we’re all missing the metaphor of “wearing jeans” for smoking pot. But the truth is some people aren’t motivated primarily by personal limousine services; they would like to help the government. One real barrier to hiring talent — people like Ashkan Soltani — is something Shedd has been a very big player in: security clearances.

Which gets me to my real confusion about this piece.

First, even before he talks about how much better the tech industry, at least, is than the government on these issues, Shedd complains that there’s nothing in Obama’s policy for “everyday citizens or industry.”

It’s all well and good to talk about protecting U.S. innovation and giving every American a level of online security. But the president fails to suggest even a single solution that would impact everyday citizens or industry.

Then he lays out how absolutely incompetent the government has been in protecting itself.

[C]onsidering the fact that multiple government agencies, as well as the Justice and Homeland Security departments, have faced significant cyberattacks, this is an odd claim to make.

The most egregious breach took place less than a year ago, when the Office of Personnel Management suffered a huge data breach that continues to impact tens of millions of federal workers and contractors, including those with access to America’s most sensitive secrets. No one was fired over the incident. Is that accountability? In late February, the office’s chief information officer resigned just two days before having to testify before Congress.

The administration’s failed record in cybersecurity extends beyond the breaches on government systems. In a recent score card released by the House Oversight and Government Reform Committee, the majority of federal agencies received subpar, if not failing, grades on their cybersecurity posture.

Among the worst was the Department of Energy, which is charged with protecting our nation’s nuclear technology. Given that the Obama administration had seven years to meet its cybersecurity obligations, why should the American people believe anything will change with a new initiative?

Now, if the government is a cybersecurity sieve, then why is Shedd bitching that there’s nothing in Obama’s policy for “ordinary citizens” or the private industry companies that aren’t getting pawned? Shouldn’t locking down the nation’s nuclear secrets — a point I’ve emphasized — be a higher priority than saving Target from liability when its customers get their credit card data stolen (besides the fact, for customers who can afford an iPhone, as Shedd pointed out, Apple is already doing something)? In a purportedly capitalist society, should the government free private industry of all responsibility for its own security?

Crazier still, Shedd — who worked in Bush’s National Security Council until 2005, then moved to Director of National Intelligence, then in 2010 moved to DIA — is bitching that no one (aside from Katherine Archuleta) got fired for the OPM hack. In several of those positions, Shedd was in a place where he should have been one of the people asking why the security clearance data for 21 million people was readily available to be hacked — though no one in his immediate vicinity thought to ask those questions until 2013 and even then not including the non-intelligence agencies that might be CI problems. He was in a position when he may have — probably should have — reviewed some of the underlying database consolidation of clearance databases, including (at ODNI) identifying them as a counterintelligence threat.

A report published by the Office of the Director of National Intelligence provides some insight: In order to report security clearance volume levels, the National Counterintelligence and Security Center’s Special Security Directorate (SSD) “compiled and processed data from the three primary security clearance record repositories: ODNI’s Scattered Castles (SC); DoD’s Joint Personnel Adjudication System (JPAS); and the Office of Personnel Management’s (OPM) Central Verification System (CVS). To fulfill specific reporting requirements of the FY 2010 IAA, the SSD issued a special data call to the seven IC agencies with delegated authority to conduct investigations or adjudications.” The purpose of the data call was to consolidate security clearance data.

It’s probably not Shedd’s fault personally OPM got hacked, but some of the people who directly worked for him along the way may well bear responsibility.

Moreover, when he bitches about how so little has been accomplished in Obama’s 7 years, it ought to raise questions about why nothing got accomplished in his own decade of service in a position when he might have done something. Perhaps he spent years fighting with Obama (and before him Bush) to do something about the government’s cybersecurity, but if so, that’s what he should be talking about, not that Obama wants to make it easier for hackers to wear jeans to work.

Some of Shedd’s complaints are spot on. Just not coming, as they do, from someone who spent a decade in a position to address cybersecurity himself.

Sy Hersh Writing about Politicized Intelligence Again, Syria Edition

Sy Hersh has a long piece in the London Review of Books accusing the Obama Administration of cherry-picking intelligence to present its case that Bashar al-Assad launched the chemical weapons attack on August 21.

To be clear, Hersh does not say that Assad did not launch the attack. Nor does he say al-Nusra carried out the attack. Rather, he shows that:

  • At some unidentified time since the beginning of the Civil War, Assad had discovered and neutralized wiretaps on his inner circle, leaving US intelligence blind to discussions happening among his top aides
  • Sensors planted to detect any movement of Assad’s CW immediately had not been triggered by the August 21 attack
  • By June, some intelligence entity had concluded that an Iraqi member of al-Nusra had the capability to manufacture sarin in quantity

A lot of the story serves to establish that two days after the attack, the US had yet to respond to it, presumably because it did not have any intelligence Syria had launched the attack, in part because nothing had triggered the sensors that had worked in the past. To develop its intelligence on the attack days afterwards, the NSA performed key word searches on already-collected radio communications of lower level Syrian military figures.

‘There are literally thousands of tactical radio frequencies used by field units in Syria for mundane routine communications,’ he said, ‘and it would take a huge number of NSA cryptological technicians to listen in – and the useful return would be zilch.’ But the ‘chatter’ is routinely stored on computers. Once the scale of events on 21 August was understood, the NSA mounted a comprehensive effort to search for any links to the attack, sorting through the full archive of stored communications. A keyword or two would be selected and a filter would be employed to find relevant conversations. ‘What happened here is that the NSA intelligence weenies started with an event – the use of sarin – and reached to find chatter that might relate,’ the former official said. ‘This does not lead to a high confidence assessment, unless you start with high confidence that Bashar Assad ordered it, and began looking for anything that supports that belief.’ The cherry-picking was similar to the process used to justify the Iraq war.

Ultimately, according to one of Hersh’s sources, they used intelligence collected in response to last December’s Syrian exercise on CW as the basis for what the Syrians would have been doing in case of an attack.

The former senior intelligence official explained that the hunt for relevant chatter went back to the exercise detected the previous December, in which, as Obama later said to the public, the Syrian army mobilised chemical weapons personnel and distributed gas masks to its troops. The White House’s government assessment and Obama’s speech were not descriptions of the specific events leading up to the 21 August attack, but an account of the sequence the Syrian military would have followed for any chemical attack. ‘They put together a back story,’ the former official said, ‘and there are lots of different pieces and parts. The template they used was the template that goes back to December.’

The White House presented this cherry-picked intelligence 9 days after the attack to a group of uncritical journalists (Hersh notes Jonathan Landay was excluded).

That’s the damning part of Hersh’s story on the intelligence used to support the Syrian warmongering (it is largely consistent with observations made at the time).

Hersh also describes how the NYT ignored the conclusions of MIT professor Theodore Postol, who determined at least some of the shells used in the attack were locally manufactured and had a much shorter range than publicly described.

Ultimately, though, Hersh’s biggest piece of news describes how someone — he doesn’t say who, but this part of his story relies on a senior intelligence consultant of unidentified nationality — sent Deputy DIA Director David Shedd a report on June 20 concluding that a former Iraqi CW expert with the capability of manufacturing sarin was operating in Eastern Ghouta.

An intelligence document issued in mid-summer dealt extensively with Ziyaad Tariq Ahmed, a chemical weapons expert formerly of the Iraqi military, who was said to have moved into Syria and to be operating in Eastern Ghouta. Read more

Michael Hayden’s Stone Walling

As a number of outlets have reported, in his book, Daniel Klaidman describes Michael Hayden’s effort to convince Obama to approve 6 torture techniques by demonstrating some of them on David Shedd.

But [Hayden’s] most unusual prop was David Shedd, the deputy DNI for policy, plans, and requirements. Not long into his presentation, Hayden called Shedd over. Suddenly, unexpectedly, Hayden slapped Shedd’s face. Then he grabbed him by the lapels and started to shake him. He’d wanted to throw him up against the wall during this demonstration, but there were chairs in the way. Instead he explained to Obama and his aides about the interrogation technique known as “walling,” in which detainees were thrown against a flexible artificial wall that made a loud noise on impact but caused little physical pain.

These were three of the remaining six techniques that made up the harsh interrogation methods the CIA had relied on since shortly after 9/11. (The most controversial practice, the simulated-drowning technique known as waterboarding, had not been used since 2003.) The others were the playing of loud music, keeping the lights on in the cell twenty-four hours a day, and sleep deprivation.

According to this description, on December 9, 2008, Michael Hayden told Obama the 6 permissible torture techniques at that time were:

  • facial slap
  • attention grasp
  • walling
  • use of music
  • use of light
  • sleep deprivation

Really? That’s odd.

If I’m not mistaken, the last formal Bush OLC memo embracing torture was the July 20, 2007 memo authorizing the following six techniques:

  • facial hold
  • attention grasp
  • abdominal slap
  • facial slap
  • dietary manipulation
  • sleep deprivation

There were three more letters written after this memo approving (and in one case, extending) treatment with particular detainees: August 23, 2007, November 6, 2007, and November 7, 2007. But they appear to deal with sleep deprivation, not a new approval of walling. And yet in December 2008, Hayden said CIA was using walling.

It may be that the July 2007 memo was meaningless. After all, it relied on Bradbury’s past memos (see footnote 2), including the May 10, 2005 one where Bradbury found walling to be legal. Moreover it was issued in conjunction with (though did not mention) Bush’s Executive Order 13440, which asserted,

(b) I hereby determine that a program of detention and interrogation approved by the Director of the Central Intelligence Agency fully complies with the obligations of the United States under Common Article 3, provided that:

[snip]

(iii) the interrogation practices are determined by the Director of the Central Intelligence Agency, based upon professional advice, to be safe for use with each detainee with whom they are used;

In other words, EO 13440 lets the CIA Director decide what torture techniques are legal. And so long as you’re still clinging to the 2005 torture memos, Michael Hayden can decide that even waterboarding is legal. And Michael Hayden told the incoming Administration that walling was legal.

Notably, in Hayden’s second attempt to convince the Obama Administration to use torture–roughly January 13, 2009–he appears to have suggested that Dianne Feinstein was mischaracterizing walling.

Hayden’s advocacy of the interrogation program was just as fierce: it worked, and it was vital to America’s national security, he said. Democrats had wildly mischaracterized the techniques, including California senator Dianne Feinstein, who, he said, made walling “sound like some kind of a WWF steel-cage death match,” when in fact suspects wore neck braces to avoid getting whiplash.

There’s some further story, I suspect, about why Hayden was pitching a technique that even Steven Bradbury hadn’t included in approved techniques in July 2007.